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What is claimed is: 

1 . A method for enabling a mobile device to roam among access points in a 

wireless local area network, the mobile device capable of communicating with 
5 the access points, the method comprising the computer-implemented steps of: 

establishing a secure connection from the mobile device through an initial 
& access point to an initial gateway server; 

D providing connection information to a target gateway server from the 

jpi initial gateway server about the secure connection, based on a triggering event 

10 that initiates a transfer of the mobile device from the initial access point to a 

frl target access point associated with the target gateway server; and 

receiving the connection information at the target gateway server to 
Jf; maintain the secure connection from the mobile device through the target access 

yj point back to the initial gateway server. 

15 2. The method of Claim 1 , wherein the mobile device is assigned an internet 

protocol address by the initial gateway server and the secure connection is based 
on the internet protocol address, and the step of providing the connection 
information includes maintaining the secure connection based on the internet 
protocol address assigned to the mobile device. 

20 3 . The method of Claim 1 , further comprising a step of providing a nested tunnel to 
couple the initial gateway server and the target gateway server. 



4. 



The method of Claim 3, wherein the step of providing the nested tunnel to 
couple the initial gateway server and the target gateway server is based on a 
hardwired connection between the initial gateway server and the target gateway 
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server. 

The method of Claim 1, wherein the triggering event is a movement of the 
mobile device out of range of the initial access point and within range of the 
target access point. 

The method of Claim 1, wherein the triggering event is a determination that the 
target access point has a preferable level of congestion compared to a level of 
congestion for the initial access point. 

The method of Claim 1, wherein the step of providing the connection 
information comprises extending the secure connection from the target gateway 
server to the initial gateway server, so that the initial gateway server decrypts 
secure messages originating from the mobile device. 

The method of Claim 1, wherein the step of providing the connection 
information comprises establishing a virtual representation of the initial gateway 
server at the target gateway server. 

15 9. A gateway system for enabling a mobile device to roam among access points in 
a wireless local area network, the mobile device capable of communicating with 
the access points, the gateway system comprising: 
an initial gateway server, and 

a target gateway server in communication with the initial gateway server; 
20 wherein: 

the initial gateway server establishes a secure connection from the 
mobile device through an initial access; 

the initial gateway server provides connection information to the 
target gateway server about the secure connection, based on a triggering 
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event that initiates a transfer of the mobile device from the initial access 
point to a target access point associated with the target gateway server; 
and 

the target gateway server receives the connection information to 
5 maintain the secure connection from the mobile device through the target 

access point back to the initial gateway server. 

The gateway system of Claim 9, wherein the mobile device is assigned an 
internet protocol address by the initial gateway server, the secure connection is 
based on the internet protocol address, and the initial gateway server maintains 
the connection based on the internet protocol address assigned to the mobile 
device. 

The gateway system of Claim 9, wherein the initial gateway server and the target 
gateway server are coupled by a nested tunnel between the initial gateway server 
and the target gateway server. 

The gateway system of Claim 1 1 , wherein the nested tunnel between the initial 
gateway server and the target gateway server is based on a hard wired connection 
between the initial gateway server and the target gateway server. 

The gateway system of Claim 9, wherein the triggering event is a movement of 
the mobile device out of range of the initial access point and within range of the 
target access point. 



10. 
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14. 



The gateway system of Claim 9, wherein the triggering event is a determination 
that the target access point has a preferable level of congestion compared to a 
level of congestion for the initial access point. 
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The gateway system of Claim 9, wherein the target gateway server extends the 
secure connection from the target gateway server to the initial gateway server, so 
that the initial gateway server decrypts secure messages originating from the 
mobile device. 

The gateway system of Claim 9, wherein the target gateway server establishes a 
virtual representation of the initial gateway server at the target gateway server. 

A computer program product that includes a computer usable medium having 
computer program instructions stored thereon for enabling a mobile device to 
roam among access points in a wireless local area network, the mobile device 
capable of communicating with the access points, such that the computer 
program instructions, when performed by a digital processor, cause the digital 
processor to: 

establish a secure connection from the mobile device through an initial 
access point to an initial gateway server; 

provide connection information to a target gateway server from the initial 
gateway server about the secure connection, based on a triggering event that 
initiates a transfer of the mobile device from the initial access point to a target 
access point associated with the target gateway server; and 

receive the connection information at the target gateway server to 
maintain the secure connection from the mobile device through the target access 
point back to the initial gateway server. 

A method for enabling a mobile device to roam between a first wireless network 
and a second wireless network, the first wireless network substantially 
heterogeneous with the second wireless network, both the first wireless network 
and the second wireless network capable of communicating with an intermediary 
network, and the mobile device capable of accessing the first wireless network 
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and the second wireless network, the method comprising the computer- 
implemented steps of: 

receiving a request at the first wireless network to access the second 
wireless network, the request being on behalf of the mobile device and 
indicating a network system specifying the second wireless network; 

through the intermediary network, obtaining an access identifier for the 
second wireless network, the access identifier for use by the mobile device when 
accessing the second wireless network; and 

providing the access identifier for the mobile device to use when 
accessing the second wireless network. 

The method of Claim 18, wherein the first wireless network is a wireless local 
area network, the second wireless network is a cellular telecommunications 
network, and the mobile device is a personal digital assistant. 

The method of Claim 18, wherein the request includes a user identification of a 
user of the mobile device, and the step of receiving the request includes 
determining an identity of the network system as a function of the user 
identification. 

The method of Claim 18, wherein the step of obtaining the access identifier 
includes providing an authentication request based on the request to a dynamic 
host configuration server. 

The method of Claim 18, wherein the access identifier is an internet protocol 
address and the intermediary network is the internet. 

The method of Claim 18, wherein the step of obtaining the access identifier 
includes requesting the access identifier from a network gateway for the second 
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wireless network, the network gateway providing the access identifier from a 
predefined range of access identifiers allocated to the second wireless network. 

The method of Claim 18, wherein the step of providing the access identifier 
includes storing the access identifier in a device database that includes a device 
identification for the mobile device. 

A network gateway for enabling a mobile device to roam between a first wireless 
network and a second wireless network, the first wireless network substantially 
heterogeneous with the second wireless network, both the first wireless network 
and the second wireless network capable of communicating with an intermediary 
network, and the mobile device capable of accessing the first wireless network 
and the second wireless network, the network gateway comprising: 

a digital processor that hosts and executes a gateway application for 
receiving a request to access the second wireless network, the gateway 
application and the mobile device associated with the first wireless network, and 

a communications interface coupled with the gateway application, the 
gateway application configuring the digital processor to: 

receive the request through the communication interface and the 

initial wireless network to access the second wireless network, the 

request being on behalf of the mobile device and indicating a network 

system specifying the second wireless network; 

obtain through the communications interface and the intermediary 

network an access identifier for the second wireless network, the access 

identifier for use by the mobile device when accessing the second 

wireless network, and 

provide through the communications interface the access 

identifier to the mobile device to use when accessing the second wireless 

network. 
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26. The network gateway of Claim 25, wherein the first wireless network is a 
wireless local area network, the second wireless network is a cellular 
telecommunications network, and the mobile device is a personal digital 
assistant. 

5 27. The network gateway of Claim 25, wherein the request includes a user 
identification of a user of the mobile device, and the gateway application 
configures the digital processor to determine an identity of the network system 
as a function of the user identification. 

28. The network gateway of Claim 25, wherein the gateway application configures 
1 0 the digital processor to provide through the communications interface an 

authentication request based on the request to a dynamic host configuration 
server. 

29. The network gateway of Claim 25, wherein the access identifier is an internet 
protocol address and the intermediary network is the internet. 

15 30. The network gateway of Claim 25, wherein the gateway application configures 
the digital processor to request through the communications interface the access 
identifier from a second network gateway for the second wireless network, the 
second network gateway providing the access identifier from a predefined range 
of access identifiers allocated to the second wireless network. 

20 31. The network gateway of Claim 25, wherein the gateway application configures 
the digital processor to store the access identifier in a device database that 
includes a device identification for the mobile device. 
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A computer program product that includes a computer usable medium having 
computer program instructions stored thereon for enabling a mobile device to 
roam between a first wireless network and a second wireless network, the first 
wireless network substantially heterogeneous with the second wireless network, 
both the first wireless network and the second wireless network capable of 
communicating with an intermediary network, and the mobile device capable of 
accessing the first wireless network and the second wireless network, such that 
the computer program instructions, when performed by a digital processor, cause 
the digital processor to: 

receive a request at the first wireless network to access the second 
wireless network, the request being on behalf of the mobile device and 
indicating a network system specifying the second wireless network; 

through the intermediary network, obtain an access identifier for the 
second wireless network, the access identifier for use by the mobile device when 
accessing the second wireless network; and 

provide the access identifier to the mobile device to use when accessing 
the second wireless network. 



